mod 6 topic 2_dataprotection - copy

Basics of IT

Module 1 – Introduction to Computer Basics
Module 2 – Open Office Calc
Module 3 – Open Office Writer
Module 4 – Open Office Impress
Module 5 – Networking
Module 6 – IT Security

Topic 0 – Introduction to IT Security
Topic 1 – Password Management
Topic 2 – Data Protection
Topic 3 – Social Networking Sites and Social Netiquettes
Topic 4 – Summary

Upload: manipalglobal

Post on 11-Nov-2015


  • Topic 2:

    Data Protection

  • Learning Objectives

    At the end of this topic, you will be able to:

    Define personal information

    List components of personal information

    Define privacy and privacy breach

    List key privacy principles

  • Data Protection Think Privacy

    What happened when Privacy failed?

    T-Mobile admitted losing a storage device holding the records, including names, addresses, phone numbers and dates of birth, of 17 million German customers

    Unencrypted back-up computer tapes from BNY Mellon's Shareowner Services unit, containing the confidential details of over 12 million customers, were lost by a third-party vendor

    HSBC lost a computer disc containing the confidential personal details of around 370,000 of its UK life assurance customers

    In August 2010, Zurich UK was fined 2.26 million pounds

    Enforcement action was also taken against Nationwide, Norwich Union and HSBC

  • Data Protection Think Privacy

    What is Privacy?

    Privacy is the right to control access to information about oneself.

    The right to privacy means that the individuals get to decide what and how much information to give up, to whom it is given and for what purposes.

    Privacy: Communication Privacy, Organizational Privacy, Information Privacy, Physical Privacy

  • Data Privacy

    What is Data Privacy?

    Data privacy is the relationship between the collection and dissemination of data, the public expectation of privacy and the legal issues surrounding them.

    It means protecting corporate and personal customer and employee data in the possession of the organization.

  • Data Privacy

    What is personal information?

    Any identifiable information about the customer held in any format is personal information.

    In the case of corporates, any information that is not available in the public domain but is shared with ICICI Bank is treated as personal information.

  • Personal Data

    What are personal details?

    Personal Details

    Name and Address

    Contact Details

    Date of Birth

    Age, Sex and Ethnicity

    National Insurance Number

    Passport Number

  • Personal Data

    What are family lifestyle details?

    Family Lifestyle Details

    Marital Status

    Next of Kin

    Travel Habits

    Leisure Activities

    Club Membership Details

  • Personal Data

    What are financial details?

    Financial Details

    Income

    Salary

    Bank Account

    Investments

    Credit History

    Loans

    Insurance Details

  • Personal Data

    What are employment details?

    Employment Details

    Career History

    Recruitment

    CV

    Attendance Record

    Sickness Record

    Performance and Appraisal Records

    Disciplinary and Grievance Records

  • Personal Data

    What is sensitive personal data?

    The data subject must give explicit consent to the processing of sensitive personal data.

    Sensitive Personal Data

    Racial / Ethnic Origin

    Religious Beliefs

    Physical or Mental Health Conditions

    Criminal Convictions

  • Privacy Breach

    What is a privacy breach?

    Any identifiable information about an individual held in any format is personal information. A privacy breach is unauthorized access or collection, use or disclosure of personal information. The most common causes of privacy breach are as follows:

    Stolen, lost or mistakenly disclosed information

    Faulty business procedure or operational breakdown

  • What constitutes a privacy breach?

    The following are a few scenarios that could occur in a bank. Can you identify whether it constitutes a privacy breach?

    Privacy Breach

    Compromise of Customer Name

    No

  • What constitutes a privacy breach?

    The following are a few scenarios that could occur in a bank. Can you identify whether it constitutes a privacy breach?

    Privacy Breach

    Compromise of Customer Name

    Compromise of Account Number

    Yes

  • What constitutes a privacy breach?

    The following are a few scenarios that could occur in a bank. Can you identify whether it constitutes a privacy breach?

    Privacy Breach

    Compromise of Customer Name

    Compromise of Gender

    No

  • What constitutes a privacy breach?

    The following are a few scenarios that could occur in a bank. Can you identify whether it constitutes a privacy breach?

    Privacy Breach

    Compromise of Customer Name

    Compromise of Gender

    Compromise of Age

    Yes

  • The following are key privacy principles for ICICI Bank.

    Key Privacy Principles

    1. Accountability

    2. Identify purpose

    3. Consent from customer

    4. Limiting use, disclosure and retention

    5. Limiting collection

    6. Accuracy

    7. Safeguarding of data

  • Key Privacy Principles

    Accountability

    The bank is responsible for processing and storing the personal information collected in accordance with the applicable requirements.

    Identify purpose

    The bank should identify the purpose at or before the time of collection

    The bank must document why the information is collected

    The bank must inform the individual of whom the information is collected and why the information is needed

    You will learn more about these principles in the next few slides.

  • Key Privacy Principles

    Consent

    Consent should be obtained at the time of collection of personal information

    Consent must be obtained every time a new use of the information is identified

    Limiting Collection

    Collect only as much information as is directly required to serve the identification purpose


  • Key Privacy Principles

    Limiting Use, Disclosure and Retention

    Customer or employee personal data should not be disclosed to anyone, including other employees, who are not authorized to receive it. The following are the exceptions:

    The disclosure is authorized by the customer

    Where disclosure is under compulsion of law

    Where there is duty to the public to disclose

    Where interest of bank requires disclosure

    Where the disclosure is made with the expressed or implied consent of the customer


  • Key Privacy Principles

    Accuracy

    Keep the personal information of the customer and the employee complete and up to date as necessary. The measures to keep the data updated are:

    While accepting the customer's application and other service requests, make sure that the handwriting is readable and mandatory fields are completed

    Be cautious while entering or amending customers' or employees' information in the system

    Be cautious while adding any additional notes in customer or employee files


  • Key Privacy Principles

    Safeguard Client Information

    Organizational security measures and policies should be strictly maintained to protect personal information against:

    Loss or theft

    Unauthorized access, disclosure, use, copying

    Destruction

    Personal customer and employee data needs to be stored and treated with utmost care and security


  • Benefits and Risks

    The following are the benefits of ensuring the security of customers' or employees' personal information:

    1. Builds customer confidence and trust

    2. Increases customer satisfaction

    3. Creates brand differentiator

    The following are the security risks of losing customers' or employees' personal information:

    1. Reputational risk and brand damage

    2. Customer dissatisfaction

    3. Fines, compensation claims, prosecution and so on

  • Dos and Don'ts for Data Privacy

    Follow these guidelines to ensure data privacy.

    Dos

    Shred confidential customer data if not required

    Retain sensitive personal data in safe custody only until such time as is necessary

    Keep your desks and soft boards clear of customer data

    Lock your drawers and cabinets

    Delete records of personal data held in laptops or PCs that are not needed for business use

    Harden your laptops and desktops with the help of IT team

    Exercise caution during inter-judicial file transfers

    Send personal data only through password-protected files

  • Dos and Don'ts for Data Privacy

    Follow these guidelines to ensure data privacy.

    Don'ts

    Emailing large amounts of data, for example names, account numbers and outstanding balances, in unprotected spreadsheet formats

    Keeping PCs or laptops unlocked

    Leaving confidential documents on unattended printers

    Sending emails that contain personal data in subject headings

    Sharing customer personal data with friends or family

    Sharing your NT password with your peers

  • Check Your Understanding 01

    You have the personal information of a customer on your laptop. You have left your workstation with your laptop open for a few seconds to have a glass of water. Is this a breach of data privacy?

    a) Yes

    b) No

  • Check Your Understanding 02

    You have access to your neighbor's account details. You have shared this information with your family member as you are confident that your family will not disclose this information to others. Is this a breach of data privacy?

    a) Yes

    b) No

  • Summary

    Here is a recap of what you learnt:

    Both customers' and employees' personal information is collected by the bank.

    Personal information consists of personal details, family lifestyle details, financial details, employment details and sensitive personal details.

    Data privacy is extremely important for a bank. Breach of privacy may harm the reputation of the bank and cause expensive litigation.

  • Summary

    Here is a recap of what you learnt:

    Key privacy principles determine the privacy categories for both customers and employees